My Computer is infested! [CLOSED]

NOC

Posted 15 April 2005 - 08:03 AM

I've been getting a lot of viruses on my computer despite being behind Windows firewall, Zone Alarm, and Norton Internet Security - not to mention a router hardware firewall. Different things are popping up on my task manager so I'm concerned. Every week, there is a new virus in my Sun/Java folder (usually a Byte.verify Trojan). Can someone take a look at my HJT log and see if there is anything that doesn't look right? Thanks in advance, NOC

Kat

Posted 25 April 2005 - 02:41 AM

Hello there! My name is Kat and I will be helping you to get your computer cleaned back up and on the go!

It is not a good idea to run more than one firewall. One is more than sufficient, especially if you employ the use of other *free* programs/tools we recommend. If you run more than one at a time, they can compete with each other and interfere...allowing things to get into your system. I recommend disabling all but the one you like the most, for its ease of use. (Personally, I use Zone Alarm.)

You do have a bit of Malware on your computer. I recommend printing these instructions or saving them to a Notepad file on your desktop.

1. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

2. Click on Start>Search>All Files and Folders. Using the scroll bar, arrow down and "look in" hard drives. Click on "More advanced options" and make sure all of the following have a check next to them:

Search System Folders

Search hidden files and folders

Search Subfolders

Make sure the last two options are unchecked!

Now, scroll back up and enter the following to search for: ADW_INSTAFIND

Remove ALL instances found (if any) of this.

3. After you have done the above, reboot normally and post a fresh HJT log for me to check to make sure you are good to go!

Kat

Posted 28 April 2005 - 12:44 AM

Your pop-ups are coming from an infection known as Adware.InstaFinder. Luckily, you already have Symantec installed on your machine, so removal should be fairly easy. Please print these instructions, or save them to Notepad on your desktop.

Before attempting the next steps, please turn off Spybot S&D's TeaTimer, as this will interfere with the fix. Do this by right-clicking the TeaTimer icon in your system tray, and choosing "Exit".

1. Disable System Restore (Windows Me/XP).

Click Start > Programs > Accessories > Windows Explorer

Right-click My Computer, and then click Properties.

Click the System Restore tab.

Check the "Turn off System Restore"

2. Update the virus definitions.

3. Run a full system scan and delete all the files detected as Adware.InstaFinder.

4. Delete any values added to the registry.

Open HijackThis and scan for a log. If the following two entries are present, place a check next to them and make sure all other programs and windows are closed, then click "Fix":

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -

Reboot. Turn System Restore back on by following the above steps, only this time choose to turn on System Restore. Scan for a fresh log with HJT, and post it here in a reply.
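One way to check a saved HijackThis log for the two entries named in the post above, as an added example that is not part of the original thread. It goes slightly beyond the post by also listing any other O2 entry that ends in "(no file)", since that marks a browser helper object whose file is missing; the sample log and the function name `review_log` are constructed for illustration.

```python
import re

# The two entries named in the post above (CLSIDs copied from the page).
TARGET_CLSIDS = {
    "{4E7BD74F-2B8D-469E-90F0-F66AB581A933}",  # O2 - BHO
    "{88D758A3-D33B-45FD-91E3-67749B4057FA}",  # O16 - DPF
}

# HijackThis writes "O2 - BHO: <name> - {CLSID} - <file>" and
# "O16 - DPF: {CLSID} [(name)] - <url>".
LINE_RE = re.compile(r"^(?P<section>O2 - BHO|O16 - DPF):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample log: only the two target CLSIDs come from the page.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} -
O16 - DPF: {99999999-8888-7777-6666-555555555555} (Example Control) - http://example.invalid/control.cab
"""

def review_log(text):
    """Return (section, clsid, reason) for each O2/O16 line worth checking."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an O2 or O16 line
        c = CLSID_RE.search(m["rest"])
        if not c:
            continue  # malformed entry without a CLSID
        clsid = c.group(0).upper()
        if clsid in TARGET_CLSIDS:
            findings.append((m["section"], clsid, "listed in the post"))
        elif m["section"] == "O2 - BHO" and m["rest"].rstrip().endswith("(no file)"):
            findings.append((m["section"], clsid, "BHO with no file on disk"))
    return findings

if __name__ == "__main__":
    for section, clsid, reason in review_log(SAMPLE_LOG):
        print(f"{section}: {clsid} ({reason})")
```
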

NOC

Posted 28 April 2005 - 07:09 PM

Ok, done....but does this explain all of the viruses that I've been getting? Specifically, the Byte.Verify trojans that seem to always pop up in my Java folder. There have been several classes of trojans (i.e. parser class, counter class, and installer applet class). They are always in the same place (ex. The compressed file Parser.class within C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv638.jar-1a84e7cc-3d02d4d3.zip is infected with the Trojan.ByteVerify virus), what do I do?

Posted 29 April 2005 - 12:42 AM

Kat

Posted 29 April 2005 - 01:18 AM

Kat

I do understand your concerns. I just checked the Ewido. You can download a 14 day trial version for free here. That will ensure you aren't scanning online. Ewido is very very good, so download that and post me the scan results so I can see what and where any problems are, and tell you how to effectively remove them.

Also, something I noticed a moment ago is that you are running two different firewalls. This is never recommended. It actually will not offer you more protection. The opposite is actually true, they can "cancel out" each other, and interfere with each other, leaving you open to hacking and hijacking. We always recommend running only one anti virus and one firewall, along with the other recommended tools such as Spybot, AdAware, etc.